drweb.com · Domains · Slashdot Mirror

that's the POWER that makes the world go round! by Anonymous Coward · 2017-07-19 07:04 · Score: -1 · on EU Court to Rule On 'Right to Be Forgotten' Outside Europe (wsj.com)

Just download a free antivirus livecd and scan your system with that.

Options include but are not limited to:

AVG:
https://www.avg.com/en-us/resc...
https://www.avg.com/en-us/down...

Avira:
https://www.avira.com/en/downl...

Bitdefender:
http://download.bitdefender.co...

Comodo:
https://www.comodo.com/busines...

Dr. Web:
https://free.drweb.com/aid_adm...

F-Secure:
ftp://ftp.f-secure.com/anti-vi...
https://www.f-secure.com/en/we...

Kaspersky:
http://support.kaspersky.com/v...
http://rescuedisk.kaspersky-la...

The malware is injected into Web sites .. by nickweller · 2015-11-11 13:00 · Score: 3, Informative · on Linux Ransomware Has Predictable Key, Automated Decryption Tool Released (csoonline.com)

"Typically, the malware is injected into Web sites via known vulnerabilities in site plugins or third-party software — such as shopping cart programs. ref

"Once launched with administrator privileges, the Trojan loads into the memory of its process files containing cybercriminals' demands:" ref

Re:Where have all the Slashdotters gone? by nickweller · 2015-07-28 09:46 · Score: 1 · on Swiss Researchers Describe a Faster, More Secure Tor

"Linux.BackDoor.Dklkt.1 .. tries to register itself in the system as a domain (system service). If the attempt fails, the backdoor terminates its work." ref

So, how does this malicious script get executed and achieve root in the first place, without user action and the user providing the root password?

Re:Wait, wait.... by Plumpaquatsch · 2015-06-24 04:07 · Score: 1 · on Hackers Exploit MacKeeper Flaw To Spread OS X Malware

Just one recent example: https://news.drweb.com/show/?i=9310&lng=en

Win32.Rmnet.12 is a complex multi-component file infector, consisting of several modules. This program is capable of self-replication.

Re:What now? by gnasher719 · 2014-10-02 04:01 · Score: 1 · on New OS X Backdoor Malware Roping Macs Into Botnet

dr web is saying their MAC antivirus will now detect it http://news.drweb.com/show/?i=...

Does their "MAC antivirus" only detect it if it is there, or does it detect it whether it's there or not? Most Mac "anti-virus" software is just scareware that will find viruses whether they are there or not.

Odd... by DaCo · 2014-10-02 03:09 · Score: 2 · on New OS X Backdoor Malware Roping Macs Into Botnet

Okay, I was curious about this one. According to the article here, they:

1. Work out the number of days since January 1st, 1900 (it doesn't say that explicitely, but gives tm->tm_yday + 365 * tm->tm_year). Today, that would be 41883
2. Work out the md5 hash of that, which would be ffeac4e88ea3d3c65678fcd434a65f83 for today
3. Truncate it to eight bytes, so ffeac4e8
4. Search it on Reddit with https://www.reddit.com/search?...

That gives no result, neither does the previous day (4cb43551) or even a couple of days ago (7b6461c8), so what gives?

Re:What now? by Barsteward · 2014-10-02 02:26 · Score: 1 · on New OS X Backdoor Malware Roping Macs Into Botnet

dr web is saying their MAC antivirus will now detect it http://news.drweb.com/show/?i=...

Dr.Web Re:Thank Edward Snowden by Anonymous Coward · 2013-06-26 20:32 · Score: 0 · on Chinese Media Calls For Boycott of Cisco

"That's why I use Kaspersky at home. I doubt the FSB gives a damn about me, but to the NSA I'm suspicious because I buy Russian security software."

FTFY

You should look into Dr.Web. On their site, the Windows version (Trial) is easy to find. For others, here:

https://st.drweb.com/static/doc/avlinux/en/

http://www.freedrweb.com/livecd/
http://www.freedrweb.com/liveusb/

HTH

Dr.Web Re:Thank Edward Snowden by Anonymous Coward · 2013-06-26 20:32 · Score: 0 · on Chinese Media Calls For Boycott of Cisco

"That's why I use Kaspersky at home. I doubt the FSB gives a damn about me, but to the NSA I'm suspicious because I buy Russian security software."

FTFY

You should look into Dr.Web. On their site, the Windows version (Trial) is easy to find. For others, here:

https://st.drweb.com/static/doc/avlinux/en/

http://www.freedrweb.com/livecd/
http://www.freedrweb.com/liveusb/

HTH

Dr.Web Re:Thank Edward Snowden by Anonymous Coward · 2013-06-26 20:32 · Score: 0 · on Chinese Media Calls For Boycott of Cisco

"That's why I use Kaspersky at home. I doubt the FSB gives a damn about me, but to the NSA I'm suspicious because I buy Russian security software."

FTFY

You should look into Dr.Web. On their site, the Windows version (Trial) is easy to find. For others, here:

https://st.drweb.com/static/doc/avlinux/en/

http://www.freedrweb.com/livecd/
http://www.freedrweb.com/liveusb/

HTH

Dr.Web Re:Thank Edward Snowden by Anonymous Coward · 2013-06-26 20:32 · Score: 0 · on Chinese Media Calls For Boycott of Cisco

"That's why I use Kaspersky at home. I doubt the FSB gives a damn about me, but to the NSA I'm suspicious because I buy Russian security software."

FTFY

You should look into Dr.Web. On their site, the Windows version (Trial) is easy to find. For others, here:

https://st.drweb.com/static/doc/avlinux/en/

http://www.freedrweb.com/livecd/
http://www.freedrweb.com/liveusb/

HTH

Dr.Web Re:Thank Edward Snowden by Anonymous Coward · 2013-06-26 20:32 · Score: 0 · on Chinese Media Calls For Boycott of Cisco

"That's why I use Kaspersky at home. I doubt the FSB gives a damn about me, but to the NSA I'm suspicious because I buy Russian security software."

FTFY

You should look into Dr.Web. On their site, the Windows version (Trial) is easy to find. For others, here:

https://st.drweb.com/static/doc/avlinux/en/

http://www.freedrweb.com/livecd/
http://www.freedrweb.com/liveusb/

HTH

Dr.Web Re:Thank Edward Snowden by Anonymous Coward · 2013-06-26 20:32 · Score: 0 · on Chinese Media Calls For Boycott of Cisco

"That's why I use Kaspersky at home. I doubt the FSB gives a damn about me, but to the NSA I'm suspicious because I buy Russian security software."

FTFY

You should look into Dr.Web. On their site, the Windows version (Trial) is easy to find. For others, here:

https://st.drweb.com/static/doc/avlinux/en/

http://www.freedrweb.com/livecd/
http://www.freedrweb.com/liveusb/

HTH

Dr.Web Re:Thank Edward Snowden by Anonymous Coward · 2013-06-26 20:32 · Score: 0 · on Chinese Media Calls For Boycott of Cisco

"That's why I use Kaspersky at home. I doubt the FSB gives a damn about me, but to the NSA I'm suspicious because I buy Russian security software."

FTFY

You should look into Dr.Web. On their site, the Windows version (Trial) is easy to find. For others, here:

https://st.drweb.com/static/doc/avlinux/en/

http://www.freedrweb.com/livecd/
http://www.freedrweb.com/liveusb/

HTH

Dr.Web Re:Thank Edward Snowden by Anonymous Coward · 2013-06-26 20:32 · Score: 0 · on Chinese Media Calls For Boycott of Cisco

"That's why I use Kaspersky at home. I doubt the FSB gives a damn about me, but to the NSA I'm suspicious because I buy Russian security software."

FTFY

You should look into Dr.Web. On their site, the Windows version (Trial) is easy to find. For others, here:

https://st.drweb.com/static/doc/avlinux/en/

http://www.freedrweb.com/livecd/
http://www.freedrweb.com/liveusb/

HTH

Dr.Web Re:Thank Edward Snowden by Anonymous Coward · 2013-06-26 20:32 · Score: 0 · on Chinese Media Calls For Boycott of Cisco

"That's why I use Kaspersky at home. I doubt the FSB gives a damn about me, but to the NSA I'm suspicious because I buy Russian security software."

FTFY

You should look into Dr.Web. On their site, the Windows version (Trial) is easy to find. For others, here:

https://st.drweb.com/static/doc/avlinux/en/

http://www.freedrweb.com/livecd/
http://www.freedrweb.com/liveusb/

HTH

Dr.Web Re:Thank Edward Snowden by Anonymous Coward · 2013-06-26 20:32 · Score: 0 · on Chinese Media Calls For Boycott of Cisco

"That's why I use Kaspersky at home. I doubt the FSB gives a damn about me, but to the NSA I'm suspicious because I buy Russian security software."

FTFY

You should look into Dr.Web. On their site, the Windows version (Trial) is easy to find. For others, here:

https://st.drweb.com/static/doc/avlinux/en/

http://www.freedrweb.com/livecd/
http://www.freedrweb.com/liveusb/

HTH

Dr.Web Re:Thank Edward Snowden by Anonymous Coward · 2013-06-26 20:32 · Score: 0 · on Chinese Media Calls For Boycott of Cisco

"That's why I use Kaspersky at home. I doubt the FSB gives a damn about me, but to the NSA I'm suspicious because I buy Russian security software."

FTFY

You should look into Dr.Web. On their site, the Windows version (Trial) is easy to find. For others, here:

https://st.drweb.com/static/doc/avlinux/en/

http://www.freedrweb.com/livecd/
http://www.freedrweb.com/liveusb/

HTH

Dr.Web Re:Thank Edward Snowden by Anonymous Coward · 2013-06-26 20:32 · Score: 0 · on Chinese Media Calls For Boycott of Cisco

"That's why I use Kaspersky at home. I doubt the FSB gives a damn about me, but to the NSA I'm suspicious because I buy Russian security software."

FTFY

You should look into Dr.Web. On their site, the Windows version (Trial) is easy to find. For others, here:

https://st.drweb.com/static/doc/avlinux/en/

http://www.freedrweb.com/livecd/
http://www.freedrweb.com/liveusb/

HTH

Dr.Web Re:Thank Edward Snowden by Anonymous Coward · 2013-06-26 20:32 · Score: 0 · on Chinese Media Calls For Boycott of Cisco

"That's why I use Kaspersky at home. I doubt the FSB gives a damn about me, but to the NSA I'm suspicious because I buy Russian security software."

FTFY

You should look into Dr.Web. On their site, the Windows version (Trial) is easy to find. For others, here:

https://st.drweb.com/static/doc/avlinux/en/

http://www.freedrweb.com/livecd/
http://www.freedrweb.com/liveusb/

HTH

Dr.Web Re:Thank Edward Snowden by Anonymous Coward · 2013-06-26 20:32 · Score: 0 · on Chinese Media Calls For Boycott of Cisco

"That's why I use Kaspersky at home. I doubt the FSB gives a damn about me, but to the NSA I'm suspicious because I buy Russian security software."

FTFY

You should look into Dr.Web. On their site, the Windows version (Trial) is easy to find. For others, here:

https://st.drweb.com/static/doc/avlinux/en/

http://www.freedrweb.com/livecd/
http://www.freedrweb.com/liveusb/

HTH

Dr.Web Re:Thank Edward Snowden by Anonymous Coward · 2013-06-26 20:32 · Score: 0 · on Chinese Media Calls For Boycott of Cisco

"That's why I use Kaspersky at home. I doubt the FSB gives a damn about me, but to the NSA I'm suspicious because I buy Russian security software."

FTFY

You should look into Dr.Web. On their site, the Windows version (Trial) is easy to find. For others, here:

https://st.drweb.com/static/doc/avlinux/en/

http://www.freedrweb.com/livecd/
http://www.freedrweb.com/liveusb/

HTH

Dr.Web Re:Thank Edward Snowden by Anonymous Coward · 2013-06-26 20:32 · Score: 0 · on Chinese Media Calls For Boycott of Cisco

"That's why I use Kaspersky at home. I doubt the FSB gives a damn about me, but to the NSA I'm suspicious because I buy Russian security software."

FTFY

You should look into Dr.Web. On their site, the Windows version (Trial) is easy to find. For others, here:

https://st.drweb.com/static/doc/avlinux/en/

http://www.freedrweb.com/livecd/
http://www.freedrweb.com/liveusb/

HTH

Dr.Web Re:Thank Edward Snowden by Anonymous Coward · 2013-06-26 20:32 · Score: 0 · on Chinese Media Calls For Boycott of Cisco

"That's why I use Kaspersky at home. I doubt the FSB gives a damn about me, but to the NSA I'm suspicious because I buy Russian security software."

FTFY

You should look into Dr.Web. On their site, the Windows version (Trial) is easy to find. For others, here:

https://st.drweb.com/static/doc/avlinux/en/

http://www.freedrweb.com/livecd/
http://www.freedrweb.com/liveusb/

HTH

Linux users targeted by 'Wirenet' Trojan by Anonymous Coward · 2012-09-30 09:29 · Score: -1 · on WTFM: Write the Freaking Manual

-=-
Linux users targeted by password-stealing 'Wirenet' Trojan

Open source gets some attention

By John E Dunn | Techworld | Published: 12:58, 31 August 2012

http://news.techworld.com/security/3378804/linux-users-targeted-by-password-stealing-wirenet-trojan/
-=-
"Malware writers are interested in Linux after all. Russian security firm Dr Web has reported[1] finding a shadowy Trojan that sets out to steal passwords on the open source platform as well as OS X.

Technical details of Wirenet.1â(TM)s operation and technique for spreading are sparse for now, but the company reports that the backdoor program targets browser passwords for Opera, Firefox, Chrome, Chromium, and as well as applications such as Thunderbird, SeaMonkey, Pidgin.

Under Linux it copies itself to the ~ / WIFIADAPT directory before attempting to connect to a command and control server hosted at 212.7.208.65 using an AES encrypted channel. That at least offers a simple way of blocking communication and any further payloads.

Dr Web made a name for itself earlier this year reporting on the infamous Flashback Trojan[2] that hit Mac users on an unprecedented scale.

Itâ(TM)s not clear whether Wirenetâ(TM)s cross-platform capabilities extend to targeting Windows systems but it is possible that avoiding Microsoftâ(TM)s OS is a way of keeping off the radar of security firms.

Cross platform malware is rare but not unheard of, the usual technique being to hook into Java in search of victims using OS X.

Malware specifically designed to steal credentials from Linux systems is almost unheard of but might, on the basis of this new discovery, become a little less so in future.

Should Linux users be worried? Probably not. the details of how this malware might grab root mode on a Linux system are unknown. Atacking Linux users would also be a pretty rarified activity unless it was part of a highly-targeted attack.

"We do not have explicit evidence that it uses Java. To my knowledge it does not. This file was received from Virustotal," Dr Web analyst Igor Zdobnov told Techworld."

[1] http://news.drweb.com/show/?i=2679&lng=en&c=14
[2] http://news.techworld.com/security/3353152/flashback-trojan-still-on-650000-macs-security-company-discovers/
-=-

Get Dr. Web to do it by TheRealGrogan · 2012-04-11 06:41 · Score: 1 · on Apple Developing Tool To Remove Flashback

I'm surprised that Dr. Web hasn't come out with a tool for this. (They are pretty damned good at that sort of thing)

Actually, not a specific tool, but...

http://news.drweb.com/show/?i=2354&lng=en&c=14

"Rather than employ special tools provided by other vendors to delete BackDoor.Flashback.39, Doctor Web offers you to make use of the time-tested Dr.Web Light for Mac OS X rated among the top free applications in the Mac App Store. It will easily find and neutralize the Trojan horse and other malicious programs posing threat to your Mac." (quote from article)

I don't imagine this would be that difficult to ferret out on MacOS. It's not a complex morass of liquishit like Windows. Does the botnet trojan even run as root to be able to dig itself in? You don't need root to do normal user things like open network connections to participate in a botnet. I don't think there is any "rootkit" behaviour here.

Re:there is no Apple AV group by Anonymous Coward · 2012-04-10 21:52 · Score: 0 · on Apple Snubs Security Firm That Spotted Mac Botnet

When was the last time ANY computer got a "virus"? A self replicating piece of code that spread from that PC via contact with storage media, etc.?

"Viruses" are long dead. They are now worms, trojans, spyware, etc. etc. They do not spread the way a real virus spreads. Its an antiquated term than people just use to mean "malware" these days.

So apple can certainly claim they do not get "viruses". Neither do PC's.

Gee, according to Dr.Web (what do they know):

File viruses

File viruses are traditionally classified as malicious programs that infect, among other things, executables and can replicate themselves (i.e., capable of reproducing without user intervention). Based on the number of infections by year’s end, Win32.Rmnet.12 is the leader among file viruses. This virus was detected on users' computers 165,286,935 times, which equals 11.22% of all malware infections. Second place was taken by Win32.HLLP.Neshta, which was discovered 94,777,924 times throughout the year (6.44% of infections), and Win32.HLLP.Whboy.45 closed in on the top three (52,610,974 cases, which is 3.57% of the total).

In 2011, the family of file viruses was expanded with new malware instances: the leader on the list Win32.Rmnet.12, and Win32.HLLP.Novosel, and Win32.Sector.22, as well as many others.

And according to http://stat.drweb.com/ their software scanner found several hundred thousand files infected with a virus today. So to answer your question: a couple of minutes ago.

Re:Mac's don't get malware by pulski · 2012-04-10 07:13 · Score: 4, Informative · on Apple Snubs Security Firm That Spotted Mac Botnet

You're right how dare they, "get infected with BackDoor.Flashback.39 after a user is redirected to a bogus site from a compromised resource or via a traffic distribution system. JavaScript code is used to load a Java-applet containing an exploit."?

"According to some sources, links to more than four million compromised web-pages could be found on a Google SERP at the end of March. In addition, some posts on Apple user forums described cases of infection by BackDoor.Flashback.39 when visiting dlink.com."

Source: http://news.drweb.com/?i=2341&c=5&lng=en&p=0

Gotta be careful downloading all of that "kracked shit" from manufacturer's own websites.

Re:600,000 infections? by drdaz · 2012-04-05 07:24 · Score: 1 · on Flashback Trojan Hits 600,000 Macs and Counting

MYTHS!: https://vms.drweb.com/myths/

They also sell virus protection. These guys seem top notch.

They're a reliable source, but very misunderstood! by drdaz · 2012-04-05 06:59 · Score: 1 · on Flashback Trojan Hits 600,000 Macs and Counting

MYTHS!

https://vms.drweb.com/myths/

Re:600,000 infections? by boley1 · 2012-04-05 06:57 · Score: 2 · on Flashback Trojan Hits 600,000 Macs and Counting

According to the Dr. Web site: "Each bot includes a unique ID of the infected machine into the query string it sends to a control server. Doctor Web's analysts employed the sinkhole technology to redirect the botnet traffic to their own servers and thus were able to count infected hosts." Why such a strange distribution of infections? If you look at the list of known infected sites, you can see they would only appeal to a rather odd group of web surfers.

Link by drdaz · 2012-04-05 06:29 · Score: 1 · on Flashback Trojan Hits 600,000 Macs and Counting

http://news.drweb.com/?i=2341&c=5&lng=en&p=0

600,000 infections? by IrrepressibleMonkey · 2012-04-05 02:40 · Score: 1 · on Flashback Trojan Hits 600,000 Macs and Counting

Before we rehash the same old comments - and effectively clone a number of threads that have gone before, shouldn't we examine the claim of 600,000 infections?

That's the remarkable thing about this story. I'm not overly familiar with Dr.Web as a security company, but I'm more than a little skeptical about the distribution of infections.

The website gives little information about how the research was carried out http://news.drweb.com/?i=2341&c=5&lng=en&p=0.

How is it that the UK has seen 12.8% of worldwide infections, while Ireland has seen just 0.1% of infections? The UK has a population ten times bigger than Ireland, so given roughly equal market share (5 to 6%), you'd expect a tenth of number of infections or thereabouts.

Switzerland has a much higher market share than Ireland (17%) and a larger population, but comes out with the same 0.1%.

I'd like to understand how these numbers were arrived at and verfied. If they are genuine and valid, I'd love to know how Switzerland is staying safe, because we should probably all adopt their methodology.

Re:Public Defender by Anonymous Coward · 2009-12-05 05:52 · Score: 3, Informative · on "Accidental" Download Sending 22-Year-Old Man To Prison

because all antivirus software is made by people who are governed by the laws of the united states...

Nothing new by xded · 2009-01-22 14:29 · Score: 1 · on How To Diagnose a Suddenly Slow Windows Computer?

http://info.drweb.com/show/3342/en

Slashdot Mirror

Domain: drweb.com

Comments · 35